The retail sector, a cornerstone of the global economy, has faced an unprecedented wave of cyberattacks in recent years. Innovations in e-commerce and payment technology have transformed the way consumers shop, but it has also opened up new avenues for cyber threats.
The consequences of these attacks can reach far beyond the immediate financial losses. Customer trust and brand reputation – some of a retailer’s most valuable assets – are on the line to be irrevocably damaged. In an effort to protect customer and payment card data, retailers also have to abide by strict regulatory requirements, which have added another element to managing modern cyber risks.
This blog post explores how cybercriminals target this lucrative sector, the security challenges retailers face, and key strategies businesses can adopt to protect themselves and their customers from advancing threats.
A Decade of Growing Attacks On The Retail Sector
Over the past decade, the nature of cyber threats targeting the retail sector has evolved. What once consisted of relatively simple scams and basic phishing attempts has now grown into a much more sophisticated landscape fraught with ransomware, extortion, and attacks on software supply chains. Cybercriminals have also adapted their strategies to exploit the ever-expanding digital footprint of retailers.
The brief timeline of cyberattacks on global retailers below shows the growing interest cyber threat actors have for this major sector.
Target (2013) – Cybercriminals breached Target’s network during the Christmas shopping season, stealing sensitive data from approximately 40 million debit and credit card accounts and personal information of an additional 70 million customers. Attackers gained access through a third-party HVAC vendor’s compromised credentials, highlighting the vulnerability of supply chain connections. Once inside, they installed malware on Target’s point-of-sale systems, allowing them to harvest payment card data as customers made purchases.
eBay (2014) – eBay, one of the world’s largest online marketplaces, fell victim to a significant cyberattack that exposed the personal information of approximately 145 million users, making it one of the largest data breaches at the time. Cybercriminals gained access to a small number of eBay employee credentials, which allowed them to infiltrate the company’s corporate network. Once inside, they managed to access a database containing user information, including names, addresses, email addresses, and encrypted passwords.
Home Depot (2014) – Known as one of the largest home improvement retailers in North America, Home Depot fell victim to a massive cyberattack that compromised the credit and debit card information of approximately 56 million customers as well as exposing approximately 53 million customer email addresses. The breach occurred when cybercriminals exploited a third-party vendor’s login credentials to gain unauthorized access to the retailer’s network. Once inside, they deployed malware on the retailer’s point-of-sale (POS) systems, enabling them to steal payment card data during transactions.
Costco (2015) – The popular wholesale retail giant faced a notable attack wherein threat actors breached Costco’s photo website and compromised the personal information of around 58,000 customers. This breach exposed customer names, addresses, and in some cases, sensitive payment card information.
Saks Fifth Avenue / Lord & Taylor (2018) – The two luxury department store chains were hit by a major cyberattack orchestrated by a group of cybercriminals known as JokerStash, or Fin7. The attack exposed sensitive information belonging to nearly 5 million customers. The attackers infiltrated the stores’ payment processing systems through a phishing campaign, allowing them to steal vast amounts of customer payment card data. The breach was extensive, impacting customers who had shopped at these retailers between May 2017 and April 2018.
Under Armor (2018) – The sportswear and athletic apparel manufacturer experienced a cyberattack that raised concerns about the protection of customer information. While the breach didn’t expose financial data or payment information, it did affect millions of user accounts on the company’s popular fitness tracking app, MyFitnessPal. The attack resulted in unauthorized access to user data, including usernames, email addresses, and hashed passwords.
Ikea (2021) – Globally recognized furniture and home goods retailer faced a cyberattack that targeted one of its subsidiaries, TaskRabbit. TaskRabbit is an online platform that connects customers with freelance labor for various tasks and services. The cyberattack temporarily disrupted TaskRabbit’s operations, impacting its website and mobile app. In response, Ikea promptly shut down the platform while they investigated the breach and took steps to secure customer data.
Sobeys (2022) – Sobeys, one of Canada’s largest supermarket chains, fell victim to an attack that disrupted its operations and impacted the company’s ability to process transactions. This led to in-store payment processing issues, causing disruptions for both customers and employees. The total amount of losses from the attack was reportedly $25 million in annual net earnings.
Indigo (2023) – One of Canada’s largest book retailers, Indigo, faced a ransomware event that disrupted their operations and booted payment systems offline, including its e-commerce platform and customer databases. The attack has since been claimed by notorious threat group, LockBit, and confirmed the theft of current and former employee data.
Hot Topic (2023) – Using credential stuffing tactics, cybercriminals breached the systems of popular alternative fashion retailer, Hot Topic. During the attack, the criminals exploited the reuse of usernames and passwords across different online services, attempting to gain unauthorized access to Hot Topic customer accounts. Any customers who had reused passwords were at risk, as their accounts were vulnerable to unauthorized access.
A Catalog of Cyber Threats Faced by Retailers
Retailers these days grapple with a wide variety of threats, including ransomware, phishing scams, point-of-sale (POS) system breaches, supply chain attacks, and even insider threats.
Ransomware with Double & Triple Extortion – Ransomware attacks can disrupt retailer operations due to service outages caused by encrypted data. In double extortion attacks, cybercriminals additionally steal sensitive data before encrypting it. They then threaten to release this stolen data publicly unless a ransom is paid. Triple extortion takes this one step further with threats to launch distributed denial-of-service (DDoS) attacks against the victim if the ransom demand is not met.
Supply Chain Attacks – Threat actors target third-party suppliers to infiltrate a retailer’s network, compromising data and operations.
Insider Threats – Malicious employees or partners can intentionally harm retailers by leaking sensitive data, sabotaging systems, or assisting external attackers.
Bot Attacks – Bot attacks deploy automated software programs to mimic human behavior, overwhelming websites and disrupting online operations. These malicious bots can scrape prices, abuse promotional offers, and complete fraudulent transactions.
POS Malware – Point-of-sale (POS) malware compromises POS terminals to steal payment card data during the transaction process.
Mobile Purchase, In-Store Payment Scams – Cyber criminals exploit mobile apps for fraudulent in-store purchases, often using stolen payment details to make unauthorized transactions.
Buy Online, Pick Up In-Store Scams – Threat actors manipulate the “buy online, pick up in store” system to collect orders without payment, relying on forged confirmations or identity theft.
“Add New Payment” Scams – Scammers trick users into adding fraudulent payment methods to online retail accounts, enabling unauthorized transactions.
Gift Card Fraud – Cybercriminals exploit vulnerabilities in gift card systems, often through brute force attacks or by compromising legitimate gift cards with stolen funds. These attackers manipulate gift card balances, rendering them worthless or transferring funds to their own accounts.
How PCI-DSS Sets Retailers Up For Success
The Payment Card Industry Data Security Standard (PCI-DSS) is a comprehensive set of security standards designed to safeguard the sensitive payment card data of customers during transactions. Developed by major credit card companies like Visa, MasterCard, American Express, Discover, and JCB, PCI-DSS is crucial for any retailers that handle payment card information. PCI-DSS compliance helps retailers create a secure environment for processing payments. With the right controls in place, it helps reduce the risk of costly data breaches, regulatory penalties, and brand damage.
Some key ways in which PCI-DSS supports retailers’ cybersecurity efforts include:
Data Encryption – PCI-DSS mandates the encryption of cardholder data during transmission and when stored on servers or other devices. This encryption ensures that even if cybercriminals breach the system, the stolen data remains unreadable and unusable.
Regular Security Assessments – Retailers are required to conduct regular security assessments and vulnerability scans to identify and address potential weaknesses in their payment card systems. This proactive approach helps in detecting and mitigating vulnerabilities before they can be exploited by attackers.
Access Control – PCI-DSS emphasizes strict access control measures, ensuring that only authorized personnel have access to sensitive payment card data. This reduces the risk of insider threats and unauthorized access.
Network Security – Retailers must maintain robust network security measures, such as firewalls, intrusion detection systems, and regular security testing, to protect their payment card infrastructure from external threats.
Retailers from around the world trust SentinelOne’s Singularity platform to help them meet PCI-DSS cybersecurity controls and protect their business and customers from disruptive attacks. Read more about how Singularity measures against PCI-DSS requirements in a report conducted by Tevora, a security and risk management consulting firm, and a reputable PCI Qualified Security Assessor (QSA) and HITRUST Assessor.
SentinelOne Singularity XDR – A Comprehensive Solution for Retailer Protection
SentinelOne Singularity XDR offers a robust, all-encompassing solution that protects organizations from attacks. By extending coverage to all access points – from endpoints and users to cloud workloads and other devices – Singularity XDR delivers unparalleled visibility and security.
Key features of SentinelOne Singularity XDR that help defend against ATO attacks include:
Endpoint Protection – Secure endpoints with advanced machine learning algorithms that detect and block malicious activities in real-time.
User Behavior Analytics – Analyze user behavior patterns to identify potential account takeover attempts and take immediate action to prevent unauthorized access.
Cloud Workload Security – Protect your cloud infrastructure with automated CWPP enforcement, real-time monitoring, and threat detection, ensuring a secure environment for user accounts and sensitive data.
Integration with Existing Security Infrastructure – SentinelOne Singularity XDR seamlessly integrates with existing security stack, enhancing the organization’s overall defense against cyber threats.
The ecosystem for attacks on the retail sector has steadily transformed over the past decade. These attacks can have devastating consequences, from disrupting operations and causing financial losses to eroding customer trust and triggering legal consequences.
Robust cybersecurity measures can help retailers defeat cyber attacks. This includes endpoint protection with real-time detection and mitigation, cloud workload security, and compliance with frameworks such as PCI-DSS.